We can also use CoTreatAsClass or CoGetInterceptor function. First of all, we can make registry modifications. There are a number of methods we can use. Here we will discuss interception of calls to a COM interface. Also check links at the end of the article. The CoCreateInstance is a preferable choice in most cases.įor more information, refer to MSDN. If you search different sources on the Internet, you will find some functions that serve as actors in creation of COM instances the most common examples are CoGetClassObject, CoCreateInstanceEx, and CoCreateInstance. To make a COM server easy to access, you need to register it in the system registry. The communications between a client and the server are performed with the help of a special Proxy/Stub DLL, which redirects client calls to the server. In any other case the server is run as another process (it may work either on a local or a remote machine). In the client process context, the server is represented by a DLL, which loads into the client process. The context (the client process context or that of any other process) in which a COM server works is also important. So to invoke any method, a client must use the corresponding pointer to perform a call. Every COM class starts with a pointer to vtable with no exceptions. Every pointer is a pointer to class methods, taking into account the order of declaration. The virtual method table (also referred to as vtable) is basically a pointer array, which performs calls of COM interface methods. Not only that, there is also room for changes, which allows implementing a custom replacement for the server. This saves us from the process of recompiling clients in case the corresponding COM server changes, but the server must still provide the same interfaces after it was modified. Thanks to this, COM objects gain independence on the binary level. Interface pointers are used by clients to perform calls for methods of a COM object. An interface can be uniquely identified by its IID (an interface ID, which is globally unique). Its functions are to count references and to get pointers to interfaces, which other objects implement. These interfaces have a common limitation: they must originate from IUnknown. This section will introduce you to the basics, so if this is what you already know, you can jump to the practical section, as this introductory section will have nothing new to teach you.ĬOM classes are designed to support the implementation of several interfaces. In general, to hook COM interface methods we need to intercept calls to COM objects, but before we commence to this task, it would be useful to discuss some basic principles of the COM technology. More information about the API hooking process is available in the Windows API Hooking post.Ĥ. To make the process described here easier to follow, we have tried to make the code examples given here simple in order to focus on what is relevant for our task. Each approach will be considered in details we will consider the upsides and downsides of each of them. The process of COM object hooking has two major approaches. However COM technology has its own specifics, so the two processes differ in some aspects. If you are acquainted with user-mode API hooks, it will be apparent to you that the process of API hooking shares some features with hooking COM objects (not only in methods used, but also in their purpose). Here you’ll find: theory, functional code samples, and clear explanations. The current article was written to help you get familiar with the procedure of implementing COM interface hooking. Mobile Device and Application Management.Artificial Intelligence Development Services.Cloud Infrastructure Management Services.Hooking COM Objects: Intercepting Calls to COM Interfaces
0 Comments
Leave a Reply. |